Lack of Security Training is Putting Businesses at Risk

Let’s say that one of your employees downloads an attachment from an email claiming to be a receipt for an order from Amazon or another online shopping outlet. The attachment then proceeds to infect their workstation with a virus or malware. This puts the integrity of your infrastructure at risk--all because of a simple mistake. Do you send the employee to cybersecurity training, or do you trust they will learn from the mistake and never repeat it?

This is one of the big choices that you will have to make regarding network security for your business, and it absolutely shouldn’t be made lightly. If you don’t take a stance on network security and employee training, you could be opening your doors to even more threats in the future. What is your business supposed to do in situations like these? After all, you can’t just not take any action at all. Depending on your current security practices, you may need to invest a considerable amount of time and resources into strengthening your resilience against cyberattacks.

It’s also important to keep in mind that you’re not alone when it comes to security training for your organization--according to PhishMe, 91% of cyberattacks are the result of a data breach caused by spear phishing attacks. These include targeted attempts to steal account information from your users or to have them download threats that can later infiltrate your business’ infrastructure. Basically, hackers try to use an employee’s lack of knowledge about technology to their advantage, or they make themselves appear as someone more familiar or a known contact within your organization.

Security Training is On the Rise

As you might guess, cybersecurity training has become a major industry for those who want to take advantage of this lack of knowledge or awareness. Cybersecurity Ventures suggests that the currently $1 billion industry that is cybersecurity training will grow immensely over the next decade, rising to over $10 billion by the year 2027. With more people being connected to some type of smart technology, and even more people entering workforces that demand some sort of knowledge of these developing technologies, it’s never been more important for your workforce to grow more proficient in network security best practices.

Aspects of Security Training

Your business needs to take a comprehensive approach to security training if you hope to keep your organization secure. Here are some ideas that you should consider for your business’ network security:

Identifying phishing emails: Being able to tell when something’s not right is a valuable skill to have--particularly when cleaning out your email inbox. Not everyone can tell when they are being scammed, even when it might seem clear as day. While it’s better to simply make sure that spam stays out of your inbox in general, it’s more difficult when you’re specifically being targeted by spear phishing tactics. Teach employees what they should look for in a legitimate email. And remember--it’s always better to err on the side of caution. If in doubt, ask someone else what they think about it.

Password best practices: Ordinarily, we would tell you to always keep secure passwords, which include both upper and lower-case letters, numbers, and special symbols, but these don’t matter if you accidentally give them away to someone claiming to be your technology support. Instead, we want to remind you to never give away sensitive information through email, telephone, or otherwise.

Active hands-on security training: Many of the most popular methods of security training have to do with placing your employees in mock scenarios in which they have to respond to a threat. These could include vishing, or voicemail phishing, or even phishing emails themselves, all in an attempt to ensure that they can properly identify and respond to threats.

If your business needs help training its employees, Infradapt can help. To learn more, reach out to us at 800.394.2301.

About the author

John Reilly is Managing Partner at Infradapt, LLC. Prior to joining Infradapt, he was the President of Vital IT Solutions, Inc., where among other roles, he developed a methodology and approach for performing risk and compliance assessments.

Prior to Infradapt, Mr. Reilly founded Vital IT Solutions, Inc. Mr. Reilly worked with Expanets, Inc., as a Senior Converged Account Executive, specializing in VoIP and Security, and a Subject Matter Expert (SME) on HIPAA. His achievements at Expanets included national sales awards, including Millionaire’s Club, and pioneering VoIP deployments for regional clients.

Mr. Reilly also has direct work experience in the banking industry, where he worked in Sales and Management, and in manufacturing, where he worked as an Accountant. John earned his BS in Accounting at Gwynedd-Mercy College, while also studying Negotiation, Decision Making, and Creative Problem Solving. He holds a SANS GIAC security certification and is a member of the Philadelphia Chapter of InfraGard.